P
US9998500B2ActiveUtilityPatentIndex 41

Methods and systems for performing lawful interception (LI) in communication networks involving content adulteration with colluding agents

Assignee: WIPRO LTDPriority: Feb 15, 2016Filed: Mar 29, 2016Granted: Jun 12, 2018
Est. expiryFeb 15, 2036(~9.6 yrs left)· nominal 20-yr term from priority
Inventors:SEETHARAMAN SWAMINATHANJAYARAMAN VENKATA SUBRAMANIAN
H04L 63/30H04L 63/306
41
PatentIndex Score
0
Cited by
18
References
23
Claims

Abstract

A method for lawful interception in a communication network involving adulteration by colluding agent is disclosed. The method includes activating, selectively, communication data duplication functionality in at least one of a plurality of network devices, each of the plurality of network devices being located in separate network segments of a communication path between users, the data duplication functionality duplicates data being communicated between the users; comparing, in real-time, a set of adulteration parameters derived from duplicated communication data received from the at least one of the plurality of network devices with associated thresholds within a set of thresholds to detect adulteration in the duplicated communication data; determining a confidence level of detecting adulteration in duplicated communication data received from the at least one of the plurality of network devices; and modifying number of network devices having active communication data duplication functionality based on the comparing and the confidence level.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for performing lawful interception in a communication network, the method comprising:
 activating, selectively, communication data duplication functionality in at least one of a plurality of network devices, each of the plurality of network devices being located in separate network segments of a communication path between users, the data duplication functionality duplicates data being communicated between the users; 
 comparing, in real-time, a set of adulteration parameters derived from duplicated communication data received from the at least one of the plurality of network devices with associated thresholds within a set of thresholds to detect adulteration in the duplicated communication data; 
 determining a confidence level of detecting adulteration in duplicated communication data received from the at least one of the plurality of network devices; and 
 modifying a number of network devices having active communication data duplication functionality based on a result of the comparing and the confidence level, wherein modifying comprises inserting, relocating, or removing a network device of the plurality of network devices. 
 
     
     
       2. The method of  claim 1  further comprising receiving the duplicated communication data from the at least one of the plurality of network devices. 
     
     
       3. The method of  claim 1  further comprising detecting location and activity of colluding agents, the selective activation of communication data duplication functionality being in response to the detecting. 
     
     
       4. The method of  claim 3 , wherein modifying comprises altering location of the at least one of the plurality of network devices based on the confidence level determined, an altered location being close to one of a user and a colluding agent. 
     
     
       5. The method of  claim 1 , wherein comparing comprises:
 determining similarities in adulteration parameters in duplicated communication data received from the at least one of the plurality of network devices; 
 determining extent of overlap between thresholds breached by adulteration parameters in duplicated communication data received from the at least one of the plurality of network devices; 
 computing a difference in number of packets in the duplicated communication data received from the at least one of the plurality of network devices; and 
 determining extent of abnormal difference in contents of packets in the duplicated communication data received from the at least one of the plurality of network devices. 
 
     
     
       6. The method of  claim 1 , wherein modifying comprises:
 activating communication data duplication functionality in additional network devices when the confidence level is below a predefined threshold; and 
 deactivating communication data duplication functionality in a subset of the at least one of the plurality of network devices when the confidence level is above the predefined threshold. 
 
     
     
       7. The method of  claim 1 , wherein the set of adulteration parameters are selected from a group comprising packets with insufficient hop length, filling unused protocol headers, invalid, not used, or intentionally misleading Real-time Transport Protocol (RTP) header contents, interval between retransmission of the same packet, difference in content of retransmitted packet, unacceptable protocol or packet header values, port changes, reset and other flag adulterations, packets with insufficient or invalid Time-To-Live (TTL) contents, and packets with content length lower than the minimum possible content length for that packet type or protocol. 
     
     
       8. The method of  claim 1  further comprising monitoring a set of network parameters to detect a change in one or more of the set of network parameters. 
     
     
       9. The method of  claim 8 , wherein the set of network parameters are selected from a group comprising network congestion, network choke, packet queueing, buffer overflows, insufficient network coverage, link unavailability, network delays, packet drops, and users involved in session for the communication data. 
     
     
       10. The method of  claim 8  further comprising dynamically adapting at least one of the set of thresholds in response to detecting a change in at least one of the set of network parameters. 
     
     
       11. The method of  claim 1  further comprising correcting, selectively, adulteration in the duplicated communication data based on satisfaction of predefined criteria. 
     
     
       12. The method of  claim 11 , wherein the predefined criteria comprises meeting a confidence level of accuracy in correcting the adulterated content. 
     
     
       13. The method of  claim 1  further comprising an auto-tuning method of lawful interception, auto-tuning comprising adapting the set of thresholds for future communication sessions involving the users and learning appropriate number of network devices having active communication data duplication functionality to be activated to detect adulteration in future communication sessions involving the users. 
     
     
       14. A system for performing lawful interception in a communication network, the system comprising:
 at least one processor; and 
 a non-transitory computer-readable medium storing instructions that, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
 activating, selectively, communication data duplication functionality in at least one of a plurality of network devices, each of the plurality of network devices being located in separate network segments of a communication path between users, the data duplication functionality duplicates data being communicated between the users; 
 comparing, in real-time, a set of adulteration parameters derived from duplicated communication data received from the at least one of the plurality of network devices with associated thresholds within a set of thresholds to detect adulteration in the duplicated communication data; 
 determining a confidence level of detecting adulteration in duplicated communication data received from the at least one of the plurality of network devices; and 
 modifying a number of network devices having active communication data duplication functionality based on a result of the comparing and the confidence level, wherein modifying comprises inserting, relocating, or removing a network device of the plurality of network devices. 
 
 
     
     
       15. The system of  claim 14 , wherein the operations further comprise receiving the duplicated communication data from the at least one of the plurality of network devices. 
     
     
       16. The system of  claim 14 , wherein the operations further comprise detecting location and activity of colluding agents, the selective activation of communication data duplication functionality being in response to the detecting. 
     
     
       17. The system of  claim 14 , wherein the operation of comparing comprises operations of:
 determining similarities in adulteration parameters in duplicated communication data received from the at least one of the plurality of network devices; 
 determining extent of overlap between thresholds breached by adulteration parameters in duplicated communication data received from the at least one of the plurality of network devices; 
 computing a difference in number of packets in the duplicated communication data received from the at least one of the plurality of network devices; and 
 determining extent of abnormal difference in contents of packets in the duplicated communication data received from the at least one of the plurality of network devices. 
 
     
     
       18. The system of  claim 14 , wherein the operation of modifying comprises operations of:
 activating communication data duplication functionality in additional network devices when the confidence level is below a predefined threshold; and 
 deactivating communication data duplication functionality in a subset of the at least one of the plurality of network devices when the confidence level is above the predefined threshold. 
 
     
     
       19. The system of  claim 14 , wherein the operations further comprise monitoring a set of network parameters to detect a change in one or more of the set of network parameters. 
     
     
       20. The system of  claim 19 , wherein the operations further comprise dynamically adapting at least one of the set of thresholds in response to detecting a change in at least one of the set of network parameters. 
     
     
       21. The system of  claim 14 , wherein the operations further comprise correcting, selectively, adulteration in the duplicated communication data based on satisfaction of predefined criteria. 
     
     
       22. The system of  claim 21 , wherein the predefined criteria comprises meeting a confidence level of accuracy in correcting the adulterated content. 
     
     
       23. A non-transitory computer-readable storage medium for performing lawful interception in a communication network, when executed by a computing device, cause the computing device to:
 activate, selectively, communication data duplication functionality in at least one of a plurality of network devices, each of the plurality of network devices being located in separate network segments of a communication path between users, the data duplication functionality duplicates data being communicated between the users; 
 compare, in real-time, a set of adulteration parameters derived from duplicated communication data received from the at least one of the plurality of network devices with associated thresholds within a set of thresholds to detect adulteration in the duplicated communication data; 
 determine a confidence level of detecting adulteration in duplicated communication data received from the at least one of the plurality of network devices; and 
 modify a number of network devices having active communication data duplication functionality based on a result of the comparing and the confidence level, wherein modifying comprises inserting, relocating, or removing a network device of the plurality of network devices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.